In a recent leak, the operator of a public GitLab repository uploaded a trove of source code from dozens of high-profile companies across the tech, retail, finance and e-commerce sectors, among others. The repository was compiled by Tillie Kottmann. The leaked code came from various sources and was found by Kottmann while looking for misconfigured DevOps tools.
According to the cybersecurity researcher @Bank_Security, code from more than 50 companies has been published in the repository. Some folders in the repository are said to contain important credentials. The companies whose data was found in the repository include Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Huawei HiSilicon, MediaTek, GE Appliances, Nintendo, Roblox, Disney and more.
However, Kottmann now claims that the hardcoded credentials have been removed. In a statement, Kottmann said: “I try to do my best to prevent any major things resulting directly from my releases”. Kottmann has also confirmed that all the details will be shared with the affected companies if requested in the future, and has given an assurance that any takedown request will always be accepted.
Reports also suggest that some of the projects in Kottmann’s repository were made public by their original developers themselves, while others were last updated a long time ago. It is not yet known how much data has been leaked, but more information will surely follow. Until then, the companies should review their security setup in light of this leak.